Why use an authentication provider?
Some Interana users like to use an authentication provider instead of the standard Interana password authentication flow. The benefits of using an auth provider include exercising more control over which users in your organization can register for Interana and providing a single sign-on method for Interana and other applications you use.
Before you start...
Make sure you've spoken with your customer success manager to determine which authentication provider best fits your needs. Your CSM will also give you two pieces of information that you will need before you start: the Sign-On URL and the AppID.
Now you're ready to set up your Okta authentication application!
1. Open the Okta Admin Portal
2. On the right side, click Add Applications
3. Click Create New App
4. Choose "Web" as Platform and "SAML 2.0" for Sign on method then click Create
5. In the General Settings section, name your application and optionally add a logo. Click Next.
6. You will be prompted to fill out the SAML settings for your application. Please leave everything as the default except the following fields:
a. Single sign on URL: enter the Sign-On URL from your CSM. Make sure to select "Use this for Recipient URL and Destination URL."
b. Audience URI: enter the AppID from your CSM.
c. Name ID format: select EmailAddress
7. Click Next to finish editing the SAML setttings. You may be prompted to take a short survey; at the end, click Finish. This should return you to the main screen.
8. Click Applications
9. Find the application you just created, then open it
10. Click Sign On
11. Under "SAML 2.0," click on the "Identity Provider metadata" link to download the metadata.
12. Please send this metadata to your CSM or to email@example.com. You can send us either the metadata file or a link to the hosted file.
13. Assign users to your application
Don't forget to send us your Federation Metadata Document! Once we have that, we can get everything hooked up on our side. We will work with you to plan a time to switch over to the new authentication flow and have someone on your team validate that everything is working properly.